# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 24
# self = https://watcher.sour.is/conv/2p5jzrq
@prologic, what would you advise about dealing with this person? This is like the 6th time they've registered and I've deleted them. I would like to prevent them from registering without turning off registrations altogether. Options?
@abucci We have to build a better option. I'm not sure we as a community have settled on a good way to deal with this yet?
Should we just put the same captcha we use on the Support form on the Register form and call it a day?
@prologic sounds like we need to…captcha the bots
@prologic the registration flow does not require an email address. You can just enter a username and password (anything at all for the password) and blammo, you have an account.
There needs to be some kind of tarpit. Even a minimal one would probably stop this (davi)shiz. Right now there's none! What stops someone from writing a script that mass-registers thousands of accounts per second?
@abucci So a simple email verification flow?
@prologic I say, revamp the whole login to be like micro.blog does it. Enter email, you receive a link to login. Drop a cookie. Rinse and repeat.
@prologic That's one kind of tarpit, but there are many ways to slow down the registration process. I don't know if anyone who uses yarn/twtxt objects to email verification flows (some people don't like them).
@prologic I'm pretty sure it's still possible to mass-register accounts, through some tempmail services. - It just makes doing so harder.
In this case, despite hating captchas, they still seem like the best solution to this. Especially if there are still ones that'd work, while being well made, not too annoying and made with accessibility in mind.
@thecanine So let's do both then? Reuse the same captcha we already have, plus add email verification. Which thankfully doesn't violate our design of not storing the email, as we can still just store the hash, send a verification link with a short time-to-live token (JWT) and if we don't get the link verified, boom you're out
@prologic Yeah, this is probably the best option, especially if the e-mail isn't kept anywhere, after the verification.